Subject: Electronic CIPHER, Issue 9, September 18, 1995
_/_/_/_/ _/_/_/ _/_/_/_/ _/ _/ _/_/_/_/ _/_/_/_/
_/ _/ _/ _/ _/ _/ _/ _/ _/
_/ _/ _/_/_/_/ _/_/_/_/ _/_/ _/_/_/_/
_/ _/ _/ _/ _/ _/ _/ _/
_/_/_/_/ _/_/_/ _/ _/ _/ _/_/_/_/ _/ _/
====================================================================
Newsletter of the IEEE Computer Society's TC on Security and Privacy
Electronic Issue 9 September 18, 1995 Carl Landwehr, Editor
====================================================================
Contents: [1570 lines total]
Letter from the Editor
Security and Privacy News Briefs:
o Cryptography policy developments
o LISTWATCH: WWW-Security -- SSL challenge broken by Mary Ellen Zurko
o IPSEC RFC's released
o PGPfone Beta available
o Gates foresees unprintable, unforwardable e-mail
o Citibank thieves transferred $12M
o Time features Infowar
o MS Word "prank" macro
o Windows '95 security items
Articles and Conference Reports:
o Crypto 95 -- Notes on R. Morris, A. Shamir invited talks
by Jim Gillogly and Paul Syverson
o Perspective on Data Encryption Policy by Peter H. Lewis
o Computer Secure Foundations Workshop 8 Summary by Simon Foley
Calls for Papers: ACM Workshop on RBAC, IFIP WG 11.3 1996, Info Hiding
Reader's guide to recent security and privacy literature
o Communications and Multimedia Security: IT Sicherheit '95, Graz, Austria
o Third Conf. on Computer and Communications Security '96, New Delhi, India
o New Security Paradigms Workshop '95, La Jolla, California
o Relevant papers from recent journals and periodicals
o New Books: Computer Crime; Applied Cryptography 2nd Ed.
Calendar
Who's Where: recent address changes
New Reports available via FTP and WWW
Interesting Links
DSL subscription offer
How to join the TC on Security and Privacy
Publications for sale
TC officers
Information for Subscribers and Contributors
____________________________________________________________________
Letter from the Editor
____________________________________________________________________
Dear Readers,
Just a typical, slow-news August/September: the Windows '95 release
triggered a flurry of security-related items, Time magazine featured a
cover story on information warfare, evidence came to light that criminals
had used computers to transfer nearly $12M from Citibank accounts, and
the pot of international policies on export and use of cryptography
continued to boil, with the Clinton administration floating a new policy
permitting civilian agencies to use key escrow systems other than Clipper.
This issue includes items or pointers on all of these topics and more.
With the proliferation of web sites storing technical information related
to security and privacy, it's not easy to visit them regularly to keep up
with new publications.
Observing this, Milan Kuchta has suggested that, in addition to Cipher's
"Interesting Links" section, we include a section listing pointers to
recently published technical reports available by FTP or WWW. This we have
done, and we encourage you to send pointers to Cipher when you produce
or find relevant new reports.
Thanks to our many contributors; please send more! In particular, two
films now in theaters focus on security and privacy -- anyone care to write
comparative reviews? Also, anyone interested in providing reports on
conferences coming up in the next month or so (DCCA-5, NISS-18, ICI, etc.)
please send me a note.
Carl Landwehr
Editor, Cipher
______________________________________________________________________
Security and Privacy News Briefs
______________________________________________________________________
Cryptography Policy Developments
--------------------------------
Cryptography policy continues to be a hot topic. The National Research
Council's project on national cryptography policy convened at Woods Hole
this summer and plans to meet again in November. In early August, however,
the Clinton administration suggested that it might consider a new policy
for key escrow in which individual users could select different escrow
schemes, as long as the government could obtain copies of the escrowed
keys with proper authorization.
A workshop to discuss the policy and solicit reaction was held at the
National Institutes of Standards and Technology in Gaithersburg in early
September. Reactions to the policy and the workshop have varied, and
rather than try to summarize them, Cipher has obtained permission to
include what seems to be a broad and balanced account written by Peter
H. Lewis of the New York Times (later in this issue; also see pointers
in the "Reports available via FTP and WWW" section).
Saturday, Sept. 16, Elizabeth Corcoran reported in the Washington Post
that a meeting between government and industry officials the previous
day had ended with private sector representatives feeling "confused"
and "burned." Steve Walker of TIS was reported to have likened the
process of developing a policy agreeable to all parties as trying to
find a way through a maze that had never before been successfully traversed.
Elsewhere, Ross Anderson's item on possible future Australian crypto
policy, circulated widely on the net and abstracted in Cipher EI#8,
drew a rebuttal from Steve Orlowski, and the rebuttal drew another reply
from Ross. Rather than reprint these, Cipher suggests that interested
readers read Orlowski's paper for themselves; it can be found at:
http://commerce.anu.edu.au/comm/staff/RogerC/Info_Infrastructure/Orlowski.html
It's clear that national cryptographic policy is a sensitive issue and
many governments are trying to assess and reconcile a number of competing
positions.
______________________________________________________________________
LISTWATCH: WWW-Security list items, summarized by Mary Ellen Zurko, OSF
______________________________________________________________________
Exportable encryption for the Web is broken:
The big news in WWW security circles this month was that a student at
INRIA broke the SSL challenge (see
http://www.portal.com/~hfinney/sslchal.html for the challenge, and
http://pauillac.inria.fr/~doligez/ssl/announce.txt for the report on
breaking it). The challenge was to break the encryption of a
particular submission of a Web form using Netscape Navigator's
"secure" mode. It was encrypted with the default exportable encryption
mode, 40-bit RC4. The student who broke it used "a brute force search
on a network of about 120 workstations and a few parallel computers at
INRIA, Ecole Polytechnique, and ENS. The key was found after scanning
a little more than half the key space in 8 days."
The debate raged over whether this is a clear indication that the US
export restrictions on cryptography are out of date, and whether it is
ethical to produce products that follow those strictures, and claim
that they are secure. A second challenge was cracked in under 32 hours
using around 300 computers on the Internet. The timing of the NIST
dialogues on exporting strong encryption if it uses key escrow could
hardly be better.
Most of this information was reposted on www-buyinfo from cypherpunks.
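The numbers quoted in the challenge report are enough to estimate what the same effort would mean for longer keys, which is the crux of the export-limit debate. The following Python is an editorial example added here, not code from the list, from INRIA, or from the challenge organizers; it takes the figures as quoted (40-bit key, about half the key space, 8 days) and assumes that exhaustive search scales linearly with the size of the key space.

```python
"""Work-factor estimates for exhaustive key search, scaled from the figures
quoted for the SSL challenge: a 40-bit RC4 key found after scanning a
little more than half the key space in 8 days on about 120 machines.
Added editorial example; the linear scaling model is an assumption, and the
input figures are the ones quoted in the item, not measurements of our own."""

SECONDS_PER_DAY = 24 * 60 * 60
DAYS_PER_YEAR = 365.25


def implied_rate(key_bits, fraction_scanned, days):
    """Aggregate keys tried per second, implied by a finished search."""
    keys_tried = 2 ** key_bits * fraction_scanned
    return keys_tried / (days * SECONDS_PER_DAY)


def expected_days(key_bits, rate):
    """Expected time to find a key by exhaustive search at the given rate.
    On average half the key space is scanned before the key is hit."""
    return (2 ** key_bits) / 2 / rate / SECONDS_PER_DAY


def scaled_days(key_bits, baseline_bits=40, baseline_days=8):
    """Effort for a longer key at the same search rate: each extra bit
    doubles the work. Returns an exact integer number of days."""
    return baseline_days * 2 ** (key_bits - baseline_bits)


def work_table(key_sizes=(40, 56, 64, 128), baseline_bits=40, baseline_days=8):
    """Rows of (key bits, expected days, expected years) at the challenge rate."""
    rows = []
    for bits in key_sizes:
        days = scaled_days(bits, baseline_bits, baseline_days)
        rows.append((bits, days, days / DAYS_PER_YEAR))
    return rows


if __name__ == "__main__":
    rate = implied_rate(40, 0.5, 8)
    print(f"implied search rate: {rate:,.0f} keys/second across the network")
    for bits, days, years in work_table():
        print(f"{bits:4d}-bit key: {days:,} days (~{years:,.1f} years)")
```

At the challenge's rate, a 56-bit key would take about 1,400 years and a 64-bit key about 370,000 years, which is why the proposed 64-bit-with-escrow limit is a very different proposition from today's 40 bits. The model ignores that search rates grow with hardware and with the number of participants (the second challenge fell in under 32 hours with around 300 machines), so these figures are an upper bound on the margin, not a guarantee.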
______________________________________________________________________
IPSEC RFCs Released
______________________________________________________________________
The IPSEC protocol, designed to support improved IP-layer security,
both for IPv4 and IPv6, progressed to the next stage of Proposed Standard
in early August with the release of RFCs 1825, 1826, 1827, 1828, and 1829.
"RFC" means Request for Comments, and Cipher readers are encouraged to
participate. Still to come is a standard for key management; one such
standard, called "Photuris" is under active development. Cipher readers
can find the RFCs at URL http://ds.internic.net/ds/rfc-index.html.
______________________________________________________________________
Gates foresees unprintable, unforwardable e-mail
______________________________________________________________________
In an article addressing privacy issues published in the New York Times,
the Manchester Guardian, and perhaps elsewhere, Bill Gates claims:
"Technology can overcome this privacy problem: expect to see e-mail that,
at the option of the sender, cannot be forwarded or printed on paper."
Do any Cipher readers have an idea what technology might accomplish this?
A video camera seems an effective way to defeat anything your editor
can imagine.
______________________________________________________________________
Citibank thieves transferred $12M
______________________________________________________________________
According to reports from Reuters, a Russian hacker from St. Petersburg
and accomplices are accused of hacking into Citibank's electronic
banking system in Parsippany, New Jersey and illegally transferring $12M
to other bank accounts in San Francisco, the Netherlands, and Finland.
The Russian, 28-year-old Vladimir Levin, is currently fighting extradition
to the U.S. in hearings in London. He has been held there since last
March 3, when he was arrested at Heathrow, according to the reports.
Citibank has stated that it recovered all but $400,000 of the transferred
funds, according to the Wall Street Journal. The September 17 issue
of the Washington Post carried a full page ad encouraging readers to
"Call Citibank today and start using our PC banking service for free."
______________________________________________________________________
TIME features Infowar
______________________________________________________________________
The August 21 issue of TIME magazine featured three articles on
information warfare, including one detailing scenarios from a RAND
war game. Cipher readers who missed the issue but have Web access
may be able to find it by going to URL http://www.pathfinder.com/
Choose "Search" from the home page, select the TIME database, and
use "infowar" as the phrase to search for. The August 10, 1995 issue of
Defense Daily also carried an account of a wargame conducted at the Naval
War College July 10-28 that included elements of information warfare
attacks. In this scenario, while two major regional wars were in progress
abroad, participants had to deal with "cyber-terrorists" who disrupted
air traffic control and jammed commercial ship communications. Apparently
it took some time for the participants to recognize that the incidents
at home were part of a coordinated attack.
______________________________________________________________________
PGPfone Beta available
______________________________________________________________________
In late August, MIT announced that it is now distributing the BETA TEST
release of PGPfone. According to the announcement, PGPfone (Pretty
Good Privacy Phone) is a software package that turns a desktop or
notebook computer into a secure telephone. It uses speech
compression and strong cryptography protocols to support real-time
secure telephone conversation. The Beta Test is currently available
only for Macintosh computers; a Windows 95 version is in the works.
PGPfone is being distributed in the U.S. and Canada via anonymous FTP
and the World Wide Web. Anonymous FTP users should get the file
"/pub/PGPfone/README" from net-dist.mit.edu. It provides instructions
on how to download PGPfone. Web Users should go to the PGPfone Home
Page at URL: http://web.mit.edu/network/pgpfone
_____________________________________________________________________
MS Word "Prank" macro
______________________________________________________________________
Microsoft acknowledged the existence of a "prank" macro that can infect
MS Word documents and released the following statement about it:
Microsoft Word is a target of a virus-like macro which
distributes itself through documents created in Word 6.0 for
Windows 3.1, Word 6.0.1 for the Macintosh, Word 6.0 for
Windows NT, and Word for Windows 95. This macro does not affect
earlier versions of Word for Windows or Word for the Macintosh. After
you open a document containing the macro, documents you save will
contain copies of it. Once installed, the macro only lets you save
documents as templates. The macro does not otherwise affect the
contents of documents, but it will replicate and distribute itself
through Word documents.
Microsoft also released a program to scan documents and remove the
offending macro. Further information, and the scanner, are available
at URL http://www.microsoft.com/msoffice/prank.htm
______________________________________________________________________
Windows '95 Security
______________________________________________________________________
The much-ballyhooed release of Windows '95 triggered a number of
security-related news items.
First, the behavior of the Registration Wizard (which potentially sends
information about the user's configuration back to Microsoft), reported
in Cipher last spring, continues to evoke some comment and concern.
Second, some users reported error messages when trying to install the
second Windows '95 disk. The problem apparently occurred if the user's
existing system had a particular virus installed; for details on the
problem and treatment, try URL:
http://www.windows.microsoft.com/windows/support/disktwo.htm
(though your editor was unable to get a response from it)
Third, interactions between Windows '95 and Novell Netware may result
in unexpected behaviors (though Microsoft evidently disputes this), as
described in the following copyrighted article (thanks to Gene Spafford
for passing this to Cipher):
New Software Is Blamed for Networking Problems at a Few Universities
By SIMSON L. GARFINKEL, Special to the Mercury News
(C) 1995, Simson L. Garfinkel
Permission granted for electronic redistribution on the Internet
Microsoft's new Windows 95 operating system is playing havoc with the
computer networks at a few of the nation's universities, prompting at least
one university to issue a policy restricting students and faculty from
running Windows 95 on its computer network.
University administrators say problems have occurred when a user running
Windows 95 connects that machine to a network running the Novell Netware
operating system, one of the most popular versions for allowing a group of
computers to operate collectively, or over a ''network.''
Windows 95 has a new network feature that allows computer users to share
information stored on each other's computers. The problem, according to
people who have worked with the software, is that a computer running
Windows 95 can be configured to masquerade as an organization's Novell
Netware server, or centralized ''control'' computer. When that occurs, the
computers trying to talk with the server shut down, or ''crash,''
university officials say.
Utah State University already has instituted a policy forbidding its
students and staff from using a specific type of Netware networking feature
that's built into Windows 95.
''We have published a policy that we will come and break your kneecaps if
you do this, so please don't,'' said Joe Doupnik, a professor of electrical
engineering at Utah State University in Logan, Utah.
Besides Utah State, representatives from the University of Kansas and some
other institutions have reported similar problems.
So far, no corporations have reported any troubles with the popular new
operating system, according to a Microsoft spokesman. That suggests,
according to computer experts, that it is only in less regulated
environments -- such as college campuses -- where there may be problems. At
larger corporations, the computer network is closely managed by experts who
would know how to avoid the traps that could lead to the woes being
experienced at some universities.
The problem reported by the universities has to do with the inner workings
of Novell's Netware operating system. Under normal circumstances, when a
desktop computer running Novell's client software is turned on, one of the
first things that the computer does is send a request out on the network
for the nearest Novell server, said Doupnik. Under normal circumstances,
the nearest Netware server responds to this request and tells the client
computer how to go about accessing files on the organization's local area
network.
But when a Windows 95 computer configured to act like a server is attached
to the same network, Doupnik said that computer can respond first. The
result is that the person who has requested information from the network
ends up with an unresponsive, or dead, computer. For the user running a
computer with the Windows 95 operating system, nothing appears to be wrong.
Microsoft, meanwhile, denies that the problem exists.
''We have done extensive testing with Novell's products,'' said Mike Conte,
a group manager with Microsoft's Personal Systems Division. ''There was an
issue . . . during the beta [test period], but actually the problem has
been fixed for months.
''Normally, people won't encounter this issue at all, because it won't be
turned on,'' Conte said, referring to the program that turns on the
specific networking function. If users do turn it on, he said, they need to
specify a ''preferred network'' for Novell Netware clients to use. Windows
95 will then automatically send the client's requests to the appropriate
Netware server.
But computer system administrators -- and Novell itself -- disagree. Novell
and Microsoft are competitors in the lucrative networking software market.
William Donahoo, director of product marketing at Novell, said his company
has offered to work with Microsoft, but the Washington-based king of
desktop operating systems has rebuffed Novell's overtures.
''We have several license programs and computability testing programs,''
Donahoo said. ''They have not wanted to participate. They have wanted to do
it on their own.''
Donahoo said there is a way for system administrators to prevent system
crashes, but representatives from the universities say they have been
unable to resolve the problem.
For example, Michael McGinnis, a network consultant at the University of
Kansas in Lawrence, said a student at that university on Friday caused
havoc on the network system when he tried to hook up to the network after
he had installed Windows 95.
McGinnis said it took him and two other computer consultants three hours
to track down the culprit.
''I have had the problem, and I have gotten e-mail messages from system
administrators at three other universities who have seen the problem,''
McGinnis said.
McGinnis called Microsoft for technical support. ''I spent an hour on the
phone, and couldn't get to anyone at Microsoft who knew anything about this
problem. I talked to one tech support guy who said he didn't know of any
such problem. He gave me a phone number of another Windows 95 Networking
Support Group at Microsoft. I have not called them yet, because I didn't
have authorization to spend $35.''
About this last point, McGinnis is particularly resentful. ''We bought
375 copies and they won't let me talk to a tech support person unless I
pay them.''
______________________________________________________________________
Crypto '95: Notes on Morris, Shamir Invited Talks
______________________________________________________________________
Crypto '95 attendance continued its upward trend this year, with over
300 participants. Proceedings are available from Springer-Verlag (see
the IACR home page (http://www.swcp.com/~iacr/) or via the Interesting
Links section on Cipher's Web page) that cover the regular sessions,
but we include notes on invited talks by Robert Morris, reported by
Jim Gillogly, and Adi Shamir, reported by Paul Syverson. [Bob Morris
has reviewed Jim's summary, but, as Paul notes, Adi Shamir has NOT
had the opportunity to review Paul's summary.]
---------
Notes on "Non-cryptographic Ways of Losing Information" a talk by
Robert Morris, reported by Jim Gillogly
---------
Bob Morris (recently retired from NSA) gave a fascinating invited
lecture entitled "Non-cryptographic Ways of Losing Information". I
hope he writes it up; until then, here are my notes from his
presentation.
Two things he said which I found new and fascinating:
- During the early 1950's many major powers were discouraged by the
tendency of then-modern crypto machines to fail in a way that would
send plaintext instead of ciphertext, and they went to one time pads
for most of their high-level enciphered traffic. Because of key
re-use, we were regularly and routinely reading pieces of that
traffic. This included many systems from various countries. (I
wonder if he meant to include VENONA among these systems?) Sometimes
the people who prepared OTP's would double their profit by selling
them to more than one customer.
- By the middle to late 1960's cryptanalysis became less cost effective
than obtaining the information by other means -- wiretaps and so on.
Morris emphasized and said we should write down these dicta:
-->Never underestimate the attention, risk, money and time that an opponent
will put into reading traffic.
-->Rule 1 of cryptanalysis: check for plaintext.
The real start of modern cryptology should be dated to the Enigma
machines, which typified the new character of the art. Much has been
made of the errors of the German cipher clerks, but egregious as they
were, the errors made by the British cryptographers were vastly worse,
and the American blunders were worse yet. German analysts regularly
read and used Atlantic convoy orders throughout the war -- they were
transmitted in an old code.
One must always assume that the enemy has a copy of the
machine/algorithm. A system that relies on keeping the algorithm
secret is eventually doomed to failure, because it will always be
discovered by some means or other.
He sees microphones and antennas everywhere: the telephone line cord is
an antenna; if telephone linemen were working on a pole outside his
house he'd call the police and then find out what they were working on.
In an unspecified country he called Lower Slobbovia (Al Capp, isn't
it?) American troops used encrypted radiophones; when they broke they
were taken to local repair shops to be fixed. When they got home the
US engineers were interested to see the modifications that had been
made. He mentioned a few similar instances, including the lovely
carved wooden seal given to the US Embassy in Moscow to decorate the
Ambassador's residence. [A replica is now on view at the National
Cryptologic Museum with the transmitter cavity visible.] Cordless
phones have a range of 5 miles or so. Use of cellular phones is
increasing dramatically, as well as fax and modems.
He discussed the Walker/Whitworth spying case, and said one of his
design criteria is to design systems with Walker in them: it's not good
enough to have a system where everyone must be trusted, but it must
also be made robust against insiders. This may include going to
non-paper systems, so that there are no paper keys that the Walkers of
the world can shop to the other side.
Threats and risks include: overconfidence, carelessness, eavesdropping
and tapping, theft of floppies and other materials, purchase, theft of
key material, burglary and blackmail. Much or most loss is due to
insiders.
In the future there will be more radio used for ordinary
communications. Americans are unwilling to pay for secure telephones,
but that's not the case in Europe.
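Morris's "Rule 1 of cryptanalysis: check for plaintext" has a defensive counterpart: check your own supposedly encrypted links for plaintext, which is exactly the failure mode of the 1950s cipher machines he describes. The Python below is an editorial example added here, not code from Morris's talk or from Jim Gillogly's notes; the entropy and printable-byte thresholds are assumptions chosen for illustration, and the two sample messages are constructed for the demonstration.

```python
"""Flag messages on an "encrypted" link that look like plaintext.
Added editorial example; thresholds are assumptions, samples are constructed."""
import hashlib
import math
import string

PRINTABLE = set(string.printable.encode("ascii"))


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte, estimated from the byte histogram.
    Readable text scores around 4-5 bits; a working cipher's output is
    close to 8 bits for any reasonable sample size."""
    if not data:
        return 0.0
    counts = {}
    for b in data:
        counts[b] = counts.get(b, 0) + 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def printable_ratio(data: bytes) -> float:
    """Fraction of bytes that are printable ASCII."""
    if not data:
        return 0.0
    return sum(1 for b in data if b in PRINTABLE) / len(data)


def looks_like_plaintext(data: bytes, max_entropy=6.0, min_printable=0.9) -> bool:
    """Heuristic: plaintext is almost entirely printable and low-entropy;
    raw ciphertext fails both tests. Thresholds are assumptions."""
    return printable_ratio(data) >= min_printable and shannon_entropy(data) < max_entropy


def audit_link(messages):
    """Return the indices of messages that should be ciphertext but look
    like plaintext, so an operator can investigate the sending equipment."""
    return [i for i, m in enumerate(messages) if looks_like_plaintext(m)]


# Constructed samples: a readable message, and pseudo-random bytes standing in
# for ciphertext (derived deterministically from SHA-256 so the run repeats).
PLAINTEXT = b"Convoy departs at 0600 Thursday with an escort of four corvettes."
CIPHERTEXT = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(16))

if __name__ == "__main__":
    link = [CIPHERTEXT, PLAINTEXT, CIPHERTEXT]
    for i, m in enumerate(link):
        print(f"msg {i}: entropy={shannon_entropy(m):.2f} "
              f"printable={printable_ratio(m):.2f} plaintext={looks_like_plaintext(m)}")
    print("flagged:", audit_link(link))
```

The check assumes raw binary ciphertext on the wire. Armored output (hex or base64) is fully printable with about 4 or 6 bits of entropy per byte and would be flagged as plaintext, so decode such framing before applying the test; likewise, a short or heavily repetitive plaintext can slip under the printable threshold only if it contains control characters, which is why both tests are combined rather than used alone.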
--------------------------
Notes on "Cryptography -- Myths and Realities", a talk by Adi Shamir
Reported by Paul Syverson
--------------------------
[Note: I produced this writeup from memory without the benefit of notes,
and Shamir has not had the opportunity to review it. So, caveat lector!
-Paul Syverson]
The IACR Distinguished Lecture, ``Cryptography---Myths and Realities''
was given by Adi Shamir. The lecture was both entertaining and
informative, tracing the early history of events surrounding the
development of the RSA algorithm and giving practical advice for
computer security today.
One of the first myths dispelled was that one has to be a longstanding
expert on algorithms to come up with a good one. Shamir's first
contact with Ron Rivest was in a letter suggesting they discuss the
advanced algorithms course that the two would teach together when
Shamir was visiting at MIT. Actually this letter, sent just weeks
before the beginning of the spring term, was the first he knew of his
assignment. And, at that point he had no background in algorithms! He
also documented the laborious uphill struggle that the cryptographer
faces as the cryptanalyst relentlessly swoops down on his work;
apparently early proposals for what would become RSA were worked out on
ski trips in Vermont that winter and spring. On the ride up someone
would propose a scheme which would then be broken during the next run
down the mountain. The final version actually came to Ron Rivest on
another occasion as he lay delirious and sick on his couch at home.
Another myth he refuted was that NSA is some vicious three headed
monster. He agreed that it has three heads but said that, contrary to
popular belief, his dealings with NSA had always been quite reasonable
if sometimes a bit unclear.
After the history lesson, Shamir concluded his talk with lessons for
commercial security today, which he called the
10 Commandments of Commercial Security
--------------------------------------
1. Don't aim for perfect security
So, be realistic, and do the best you can within your limits.
Roughly, you should double security expenditure to halve risk.
2. Don't solve the wrong problem
For example, note that US banks lose 10 billion dollars a year
in check fraud but only 5 million in online fraud.
3. Don't sell security bottom-up
(in terms of the personnel hierarchy).
4. Don't use cryptographic overkill
Even bad crypto is usually the strong part of the system.
5. Don't make it complicated
This yields more places to attack the system,
and it encourages users to find ways to bypass security.
6. Don't make it expensive.
7. Don't use a single line of defense
Have several layers so security can be maintained
without expensive replacement of the primary line.
8. Don't forget the ``mystery attack''
Be able to regenerate security even when you have no idea
what's going wrong. For example, smart cards are attackable
but are great for quick cheap recovery.
9. Don't trust systems.
10. Don't trust people.
______________________________________________________________________
Perspective on Recent Events in Data Encryption Policy by Peter H. Lewis
______________________________________________________________________
[The following column crossed my electronic desk and struck me as a
good summary of where the current discussions of public policy on
encryption have led. Thanks to Peter Lewis for permitting us to include
it here.--CEL]
On The Net Column
Monday, Sept. 11, 1995
Peter H. Lewis
In terms of its ability to raise the nation's blood pressure, the
debate over data encryption has not yet reached the same levels as gun
control.
But last week the Clinton Administration appeared to set the stage
for an equally divisive national debate over the rights of businesses and
individuals to keep secrets when using telephones, computers and other
forms of electronic communications.
In two days of public hearings last week in Gaithersburg, Md., home
of the National Institute of Standards and Technology (NIST), the
Administration in effect unveiled its long-awaited proposals to relax
restrictions on the export of cryptographic software.
In effect, the Administration drew a line in the virtual sands of
cyberspace, signaling that it is willing to permit Americans to put
stronger cryptographic locks on their electronic data only if a spare key
to those locks is made available on demand to law enforcement agencies.
There looms the conflict. Although the current debate is about
export controls on an esoteric form of software that most Americans do not
use, the "export" issue is ultimately irrelevant in today's era of global
electronic voice and data networks, where passwords, not passports, are
checked at the gates. Simply placing a common privacy program on an
Internet-connected computer in Austin, Tex., is effectively no different
from sending a shrink-wrapped copy of the program to Moscow.
The real issue is how much privacy the Government is willing to
allow its own citizens, and the latest word from the Clinton Administration
is that the right to electronic privacy, like the right to bear arms, is
not absolute.
***
Cryptography is the science of secret writing. In this digital era,
secret writing applies not just to notes handed from one spy to another,
but also to telephone calls between individuals, funds transfers between
banks, bank and credit card records, electronic mail, faxes, and an endless
variety of computer files.
The Clinton Administration has been clear and consistent in
outlining its basic position on cryptographic systems. The goal is to allow
American citizens and companies to use the strongest possible cryptographic
technology, while at the same time preserving the ability of law
enforcement agencies to perform court-authorized wiretaps as part of the
effort to catch drug dealers, terrorists, child pornographers and other
miscreants.
In other words, it favors strong cryptography, but not too strong.
One way to measure the strength of cryptographic software is the
length of the software key necessary to encode and decode a message. The
longer the key, in terms of digital bits, the harder it is for an
unauthorized user to decipher the message.
In recent years, the Government has generally permitted Americans
to export cryptographic software with key lengths up to 40 bits. Experts
say that 40-bit keys are secure from casual snooping, but will fall quickly
to a determined codebreaker. The fact that the Government allows 40-bit
encryption systems to be exported is a pretty good indication that the
National Security Agency can break them easily.
There are literally hundreds of stronger cryptography programs
readily available outside the United States, and these stronger programs
are attractive to businesses that want to safeguard their data from
Internet bandits and corporate and government spies.
Last week, after more than a year of intense analysis of the
software export controls issue, the Government unveiled what it said was
the best possible compromise.
Under the new policy, companies can export encryption algorithms
using 64-bit keys, which are much more secure, but only if spare keys are
made available to law enforcement agents under standard legal procedures.
Otherwise, the 40-bit limit continues to apply.
The "spare key" technology, officially known as key escrow, is
anathema to many privacy advocates who fear Government abuses. The
Government first proposed a key escrow system with its so-called Clipper
Chip, a technology that failed to win acceptance even as a voluntary
standard.
Unlike Clipper, which was based on a classified algorithm called
Skipjack that only a few people outside the Government were allowed to
examine, the new policy allows people to use any algorithm they choose --
as long as it uses a key no larger than 64 bits, and as long as the keys
are entrusted to a domestic third party accessible to the Government, and
as long as the key escrow mechanisms cannot be readily altered or bypassed.
Also unlike Clipper, which required a special tamper-proof
microprocessor that would have added cost, complexity and extra power
requirements to communications devices, the new proposals can be
implemented entirely in software.
Key escrow systems make a lot of sense for most American companies,
at least for internal use. Having a spare set of keys lessens the risk of a
disgruntled employee or saboteur locking up vital company files.
But key escrow is also unpopular with American computer and
software companies, who say it prevents them from competing against foreign
companies that have no similar constraints, and with many multinational
corporations, who say it prevents them from working with foreign companies
that don't especially care for the idea of Uncle Sam holding the keys to
their data banks.
"If this was intended to be any sort of compromise, I don't think
it achieved its end," said Whitfield Diffie, a Distinguished Engineer at
Sun Microsystems who attended the meetings. "I didn't see anybody who was
enthusiastic."
***
Raymond G. Kammer, deputy director of NIST, suggested that the
hearings last week were intended to elicit public comment, and that the
Administration's final positions on cryptographic policy are still under
analysis.
However, the emergence of key escrow issues at the NIST proceedings
suggests that key escrow is emerging as a non-negotiable demand by some
factions of the Clinton Administration, especially the Justice Department
and the Federal Bureau of Investigation, led by Louis Freeh. Mr. Freeh
sincerely believes that data encryption is a weapon, and has publicly
called for domestic restrictions on civilian cryptography.
"If this fails," said one observer familiar with the
Administration's thinking on the proposed change in cryptographic policy,
"it's going to lead to a very divisive debate. And the irony, for
libertarians who oppose key escrow, is that if it fails, I am convinced
that Louis Freeh cannot be true to his job without proposing domestic
controls on data encryption."
"He's not going to give up without a fight, and neither is the
Justice Department," said the observer, who spoke on the condition he not
be identified.
Others say they do not think the Clinton Administration has yet
arrived at a concrete position, even after more than a year of study and
debate. "I don't think it's a final offer," said John Gilmore, a member of
the board of directors of Cygnus Support Inc., a computer company in
Mountain View, Calif. "It looks to me like a weak strawman, a first offer,
a proposal to dance."
The question is whether American citizens and businesses have the
patience to wait for the music to start. And the issue may be moot, anyway.
"The Internet Architecture Board has specifically decided to ignore
export controls in designing the security infrastructure for the next
generation of Internet protocols," Mr. Gilmore said. "The Internet of 1998
will provide automatic, secure, and fully private communication, without
key escrow, internationally. The protocols will be implemented
independently in a dozen different countries."
In other words, the international Internet community is already
planning to jump over the new line in the sand drawn last week by the
Clinton Administration. Cryptography that is stronger and better than the
Government's proposed system will become an integral part of the Internet,
and American companies and individuals would be foolish not to use it.
At that point, millions of Americans will come in direct conflict
with Government policy, and the popular gun-control bumper sticker may be
replaced by one that says, "If cryptography is outlawed, only outlaws will
have cryptography."
Peter H. Lewis, P.O. Box 162490, Austin, TX, 78716-2490
(512) 328-8258 ... "All the Disclaimers That Fit in Print"
plewis@nytimes.com
______________________________________________________________________
Report on the 8th IEEE Computer Security Foundations Workshop
by Simon Foley
______________________________________________________________________
[The following article will appear in the next issue of SIGSAC Review
and appears here with permission of its editor, Catherine Meadows, and
the author. This piece supplements Cipher's earlier account by Trent
Jaeger in EI#7. Simon Foley chaired the meeting reported.-- CEL]
-----------------------------------------------------------------------
The purpose of the Computer Security Foundations Workshop is to bring
together researchers to explore fundamental issues in computer security.
Each year, papers and panel sessions are presented in foundational areas
such as: access control, cryptographic protocols, database security,
integrity and availability, information flow, and formal methods for
security.
This year the workshop was held in Dromquinna Manor, Kenmare, County Kerry,
Ireland, June 13-15, 1995. It was the first time the workshop was held
outside the USA. Dromquinna Manor, situated on a peninsula on the south-west
coast of Ireland, provided the kind of peaceful environment, in an idyllic
setting, that has become synonymous with the workshop. The number of
submissions to the workshop was up on the previous three years, perhaps due
in part to the attractive venue, but most certainly due to the lively
technical discussions that can be expected during the workshop. It was the
hard work of Program Chair Li Gong (SRI, USA), the Program Committee, authors
and panelists that made the workshop such a success.
The first session, chaired by Simon Foley, was on Composition and comprised
three papers about relationships between information flow properties and
composition. In his presentation of The Composability of Non-Interference
(A. Zakinthinos and E.S. Lee, U. Toronto, Canada), Aris Zakinthinos proposed
a novel, composable, non-interference property that permitted a degree of
feedback. He argued that non-interference is more appealing than
restrictiveness because it has a more intuitive feel and a larger class of
systems satisfy the property. Lars Wulf presented
Composing and Decomposing Systems under Security Properties, co-authored
with A.W. Roscoe (both Oxford U., UK). He argued that a more expressive
model than traces should be used when capturing information flow properties
in CSP. The authors studied separability, and its relationship to
composition, in terms of the failures-divergences model. A conclusion was
that separability is not a sound property for systems that have (internal)
nondeterminism. The final paper, Algebraic Properties of System Composition
in the Loral, Ulysses and McLean Trace Models was presented by Alfred Maneki
(DOD, USA), who gave a catalogue of algebraic properties for the three
information flow properties. His conclusion was one of caution: one should
be mindful of how compositions are made, even if the property is composable.
Michael Reiter (AT&T Bell Labs, USA) chaired the session on Authentication
Protocols. Li Gong was to present a paper, Optimal Authentication Protocols
Resistant to Password Guessing Attacks, but in the tradition of CSFW
spontaneity he proposed instead ten foundational issues for computer
security. They were: secure initial access (by universal authentication
format); high integrity and easily accessible pseudo-random number
generators; highly available non-tamperable global time service on internet;
sensible placement of security mechanisms within internet; secure,
dynamically constituted groups; provably secure protocols; refinement of
security properties and specifications; secure (heterogeneous) system
composition; secure system inter-operation, and sensible integration of
security and fault tolerance.
The second paper, Key Distribution without Individual Trusted Authentication
Servers, was presented by Liqun Chen (co-authors, D. Gollmann and C.
Mitchell, all U. London). Chen described the problem of establishing secure
(symmetric) channels between entities who share no secret, and where some
authentication servers cannot be trusted. The advantages of their protocol
over existing solutions include fewer (and smaller) messages, a greater
choice of hash function, and lower computational complexity.
The session after lunch, Analysis of Cryptographic Protocols, was chaired by
Gene Tsudik (IBM, Switzerland). Colin Boyd (U. Manchester, UK) presented
Towards a Classification of Key Agreement Protocols, and advised caution
when selecting hash functions. His `menagerie' of hash functions (acronyms
BOW, MIOW and WOOF) helps in classifying key agreement protocols into three
different types, which he described. The second speaker, Wenbo Mao (HP Labs,
UK) proposed An Augmentation of BAN-Like Logics. He noted that errors are
easily made during the protocol idealization step. His approach does not
change the axioms of the logic, but proposes that stages of the idealization
be described using new operators.
After a break for cream teas on the lawns of Dromquinna, the first day was
concluded by a panel session on What Makes a Cryptographic Protocol
Dependable? The moderator was Catherine Meadows (NRL, USA), with panelists
Colin Boyd, Dieter Gollmann and Michael Merritt (AT&T Bell Labs, USA). The
motivation for the panel was that there exists a large body of work
describing various conditions that cryptographic protocols should satisfy to
be reliable/dependable. However, these requirements are often contradictory
when taken together.
Colin Boyd's position was that we should follow the formal top down
principles of dependable systems development. He suggested a layered
approach, with refinement between layers providing correctness: first,
specify the security requirements for messages in the system; second,
design/describe the protocol in an abstract manner, but avoid details about
specific cryptographic algorithms, and third, implement. He argued that many
existing protocols are not specified properly, and felt that approaches such
as using CSP/FDR are good because they force the specifier to be precise. In
light of this, Bob Morris wondered whether we even know what cryptographic
protocols are intended to do in the first place.
Dieter Gollmann asked the same question of protocols and repudiation,
suggesting that the problem is an inability to focus on what we want to
talk about. He agreed with Boyd's layered approach and argued that when
designing protocols we should: always use the correct level of abstraction;
disassociate signature from encryption with a secret key; keep proofs a
distance from protocol, and make all initial assumptions on keys, nonces and
algorithm explicit.
Michael Merritt wondered if insight could be gained by taking the viewpoint
of dependable protocols as a form of fault tolerant distributed algorithms.
With fault tolerance one is interested in the reachable states of a system,
while with a protocol, we are interested in the reachable states of an
adversary. However, he pointed to a number of problems that make developing
dependable protocols harder. He felt that secure refinement will be a
difficult problem, especially given that an adversary attacks the
implementation, not the specification. He suggested that refinement could be
a process of re-examining the steps from previous levels to make sure they
still hold. Bill Roscoe agreed that refinement of specifications involving
true nondeterminism is very hard. John McLean wondered if properties like
subliminal channels might get overlooked by refinement and suggested that
perhaps refinement should be viewed as just a way to narrow down what one
needs to look at when developing a protocol.
Mark Lomas outlined a system which used two individually `dependable'
protocols together in such a way that they failed. Others had similar
experiences, often due to protocol assumptions not being made explicit.
Michael Merritt wondered how we specify `you do not do anything incredibly
stupid', and suggested analyzing substitution attacks as a way to avoid
problems of extending protocols later on. Li Gong felt that at the protocol
level we should not be concerned with low-level details about crypto-system
attacks etc., making it even harder to analyze. He argued that it is the
person who codes the protocol who should ask the relevant questions about
what appropriate ciphers to use.
Before chairing the first session of day two, Jonathan Millen (MITRE, USA)
asked the audience to consider the state of computer security foundations
and its relationship to the photograph of Staigue Fort on the proceedings'
cover (an early medieval stone fort near Dromquinna Manor). He speculated
that the fort looked like a foundation, but nothing was ever built on it and
furthermore, it was crumbling on top!
The first paper in this session on Issues in Implementations was The
Security Checker: A Semantics-based Tool for the Verification of Security
Properties, by R. Focardi, R. Gorrieri and V. Panini (U. Bologna, Italy). In
his talk, Riccardo Focardi described work on adapting the CCS Concurrency
Workbench to model-check information flow properties of CCS-style
specifications. The checking algorithms have poor (in some cases exponential)
worst-case complexity. However, in practice the authors have found the
time and space requirements for the algorithms to be reasonable, especially
if algebraic properties (for example, parallel composition) of the security
property are used to reduce the number of states to be checked.
Trent Jaeger presented Implementation of a Discretionary Access Control
Model for Script-based Systems (co-author Atul Prakash, both from U.
Michigan, USA). He proposed an access control model tailored specifically
for script-based systems. The model provides roles for processes running
command scripts: accesses are determined by the rights of the process and
script author. The model has been implemented using Safe-Tcl under Kerberos
and Taos. In the absence of the authors, J.V. Janeri (MITRE, USA), D.B.
Darby and D.D. Schnackenberg (Boeing, USA), Jonathan Millen presented their
paper Building Higher Resolution Synthetic Clocks for Signaling in Covert
Timing Channels. Millen described a network LAN covert channel, and its
countermeasures, based on process scheduling. Controlling the channel by
adjusting clock granularity can conflict with the timing requirements of
network software. This was exemplified by the discovery of a
Heisenberg-like principle: the covert channel worked when debugging code
was present in the software, but decayed when it was removed!
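As an added illustration of the access rule Jaeger described (an example written for this report's readers, not code from Jaeger and Prakash's Safe-Tcl implementation): a small reference monitor in Python that mediates each operation a script attempts against the rights of both the running process and the script's author. The users, objects and the "intersection of both parties' rights" rule are constructed assumptions standing in for the paper's model; what the example shows is that a script from an untrusted author cannot borrow the caller's rights, and an author cannot lend the caller rights the caller lacks.

```python
# Constructed rights tables: (object, operation) pairs each principal may
# perform. The users and objects are invented for this illustration.
USER_RIGHTS = {
    "alice":   {("report.txt", "read"), ("mail", "send")},
    "bob":     {("report.txt", "read"), ("report.txt", "write"), ("payroll.db", "read")},
    "mallory": {("scratch.tmp", "write")},
}


def effective_rights(process_user, author):
    """Rights a script may exercise when process_user runs a script written
    by author: only those BOTH hold (assumed rule, standing in for the
    paper's actual model, which is not reproduced here)."""
    return USER_RIGHTS.get(process_user, set()) & USER_RIGHTS.get(author, set())


def run_script(process_user, author, commands):
    """Mediate each (object, operation) the script attempts. Returns one
    tuple (decision, object, operation, reason) per command; nothing is
    actually executed, this is the access decision only."""
    process = USER_RIGHTS.get(process_user, set())
    author_rights = USER_RIGHTS.get(author, set())
    allowed = effective_rights(process_user, author)
    decisions = []
    for obj, op in commands:
        right = (obj, op)
        if right in allowed:
            decisions.append(("allow", obj, op, "held by process and author"))
        elif right in process:
            # The caller could do this, but the author never could: a script
            # from an untrusted author must not inherit the caller's power.
            decisions.append(("deny", obj, op, "author lacks right"))
        elif right in author_rights:
            # The author could do this, but may not lend it to the caller.
            decisions.append(("deny", obj, op, "process lacks right"))
        else:
            decisions.append(("deny", obj, op, "neither holds right"))
    return decisions


def run_script_naive(process_user, commands):
    """The rule the model replaces: a script simply inherits the rights of
    the process running it, so an untrusted author's script runs with the
    caller's full rights."""
    process = USER_RIGHTS.get(process_user, set())
    return [("allow" if (obj, op) in process else "deny", obj, op)
            for obj, op in commands]


# Constructed scripts: the operations each one attempts, in order.
ALICE_SCRIPT = [("report.txt", "read"), ("report.txt", "write"), ("mail", "send")]
MALLORY_SCRIPT = [("payroll.db", "read"), ("scratch.tmp", "write")]

if __name__ == "__main__":
    for d in run_script("bob", "alice", ALICE_SCRIPT):
        print("alice's script run by bob:  ", d)
    for d in run_script("bob", "mallory", MALLORY_SCRIPT):
        print("mallory's script run by bob:", d)
    print("naive rule, mallory's script:", run_script_naive("bob", MALLORY_SCRIPT))
```

Under the naive rule, bob running mallory's script reads payroll.db because bob can; under the two-party rule the same read is denied because the author never held that right, which is the case the model is designed to catch.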
Michael Merritt chaired the session on cryptographic protocols, which
focused on using algebraic techniques for verifying protocols (as opposed to
BAN style approaches). A.W. Roscoe's paper was on Modeling and Verifying
Key-Exchange Protocols using CSP and FDR, but he spoke about subsequent
ongoing work at Oxford with P. Gardiner, G. Lowe and M. Goldsmith. Their
approach is to use CSP to describe the agents in the protocol (responder,
server, initiator, adversary) and use the FDR tool to model check safety and
liveness properties of the protocol. The second paper, Using Temporal Logic
to Specify and Verify Cryptographic Protocols (Progress Report), by J.W.
Gray III (Hong Kong U. of Science and Technology) and J. McLean, was
presented by John McLean. The goal of their research is to provide a single
logic in which requirements specification, protocol specification and proof
of correctness can all be done within the same formalism. In this respect,
they have effectively recast the Prolog, context free grammar and temporal
logic components of the NRL protocol analyzer tool into Lamport's Raw
Temporal Logic of Actions. The session adjourned for lunch, which was taken
down by the seashore.
The session on Secure Systems was chaired by John McLean. Tom Keefe (Penn
State, USA) presented Concurrency Control for Federated Multilevel Secure
Database Systems (co-author I.E. Kang, GTE Labs, USA). He explained their
interest in building federated multilevel DBMS on top of autonomous,
pre-existing multilevel DBMS systems. Their approach uses a secure
validation protocol which ensures serializability across the federation,
maintains local autonomy of individual DBMS and ensures multilevel security.
While their protocol currently requires the security lattices of local
DBMSs to be total, the resulting lattice for the secure federation is not
necessarily total. Keefe also described a novel method for untrusted
timestamp generation that can be used in their protocol. Jeremy Jacob
(University of York, UK) presented the paper Specifying Security for CSCW
Systems (co-author, S. Foley). He described what the authors believe to be a
reasonable method for specifying functionality and security
(confidentiality) requirements for CSCW applications. Testing the method
against a simple case study, they were surprised that security turned out to
be very simple to specify. Jacob suggested that this came about as a result
of the way the application is modularized, and because so much is captured
by the functionality requirements.
The panel session Considering the Common Criteria concluded the second day,
with moderator Jane Sinclair (Open University, UK) and panelists Jeremy
Jacob, Jonathan Millen and Bronia Szczygiel (NPL, UK). Jane Sinclair gave the
motivation for the panel and asked a number of questions about the Criteria
she hoped we might find answers for.
The first panelist, Jonathan Millen, outlined the key components of the
Criteria, described how it might be used, and gave pointers to those aspects
of the Criteria that are open to opportunities to do further technical work
(practically everything). He noted that the Criteria typically defines what
is required, but gives no assistance on how to do it; he felt that further
support/guidance documentation should be provided. He finished with the
meta-challenge: do we really know enough to do what is required by the
Criteria?
Jeremy Jacob felt there was little trace of the security foundations
community in the Criteria documentation, and asked whether the people
developing it are paying any attention to us, or whether we have anything to
offer them anyhow. John McLean noted that the Orange Book did enshrine the
view of the technical community, and halted them in their tracks.
Bronia Szczygiel argued that the Criteria does not meet users' needs, is
incomplete and inflexible, and should address the integrity of the entire
enterprise, not just the computer system. But she felt that its principles
were good, i.e., addressing what your security is, rather than low-level
details. She suggested that conformance testing for security can give an
added objectivity that evaluation alone does not provide.
There was speculation from the audience as to whether `evaluated to CC' was
like `Intel Inside': will it help sell systems? This was countered by,
perhaps it is a warning. This seemed indicative of the audience's mood: one of
skepticism on whether it would be used in commercial practice. Perhaps,
using the Criteria is like the Irish dancing seen that night in Dromquinna:
just a lot of fancy footwork?
The session for the final day of the workshop, Information Flow, was chaired
by Joshua Guttman (MITRE, USA). Paul Syverson (NRL, USA) presented a paper,
The Epistemic Representation of Information Flow Security in Probabilistic
Systems, co-authored with J.W. Gray III. He outlined a logic for security in
which information flows due to time and probability can be accounted for.
Their logic is built on the standard Halpern-Tuttle model of knowledge and
probability in systems, and represents a bringing together of previous work
in the areas of noninterference and epistemic logic for modeling security.
Connection Policies and Controlled Interference, by W.R. Bevier, R.M. Cohen
and W.D. Young (Computational Logic, USA) was presented by Bill Young. He
described a generalization of their work (presented at this workshop last
year) on intransitive non-interference. Typical intransitive noninterference
requirements are at the granularity of agents: whether agents may/may not
interfere. Controlled noninterference permits a finer granularity by using
connection policies to define what channels connect agents, and effectively
capture how agents may/may not interfere with each other. He concluded by
examining related work on intransitive noninterference, separability and
type enforcement (assured pipelines).
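Added example for this report (not from any of the papers above): the noninterference notions discussed in the Composition session and in Bevier, Cohen and Young's talk, worked through in Python using Rushby's trace-based formulation. A toy downgrader system with domains H, D and L, in which H may interfere with D and D with L but H may not reach L directly, is checked exhaustively over short traces against both the classical transitive purge and the intransitive purge. The system, its actions and the policy are constructed for the illustration; the sources/ipurge definitions follow Rushby's 1992 report on intransitive noninterference.

```python
from itertools import product

# Security domains and the (reflexive) interference policy "u may interfere
# with v". H (high) may pass information to D (a downgrader) and D may pass
# it to L (low), but H may not reach L directly: the classic intransitive
# policy. Everything here is a constructed toy, not a system from the talks.
POLICY = {("H", "H"), ("D", "D"), ("L", "L"), ("H", "D"), ("D", "L")}


def interferes(u, v):
    return (u, v) in POLICY


# Actions and the domain that performs each one.
ACTIONS = ("h_set0", "h_set1", "d_down", "l_read")
DOM = {"h_set0": "H", "h_set1": "H", "d_down": "D", "l_read": "L"}


def sources(alpha, u):
    """Rushby's sources(alpha, u): the domains whose influence can reach u
    through a chain of permitted interferences along alpha. Built right to
    left: a domain joins once some later action can carry its influence on."""
    srcs = {u}
    for a in reversed(alpha):
        if any(interferes(DOM[a], v) for v in srcs):
            srcs.add(DOM[a])
    return srcs


def ipurge(alpha, u):
    """Intransitive purge: keep an action iff its domain is a source for u
    given the actions that follow it."""
    return [a for i, a in enumerate(alpha) if DOM[a] in sources(alpha[i:], u)]


def tpurge(alpha, u):
    """Transitive (classical) purge: drop every action whose domain may not
    interfere with u, regardless of what follows it."""
    return [a for a in alpha if interferes(DOM[a], u)]


# State is (h_register, l_register); the downgrader copies H's register to L's.
def step(state, a):
    h, l = state
    if a == "h_set0":
        return (0, l)
    if a == "h_set1":
        return (1, l)
    if a == "d_down":
        return (h, h)
    return state  # l_read does not change the state


def leaky_step(state, a):
    """Faulty variant: H's writes also land directly in L's register."""
    if a == "h_set0":
        return (0, 0)
    if a == "h_set1":
        return (1, 1)
    return step(state, a)


def output(state, a):
    """What the domain performing a observes; only l_read returns a value."""
    return state[1] if a == "l_read" else None


def run(state, alpha, step_fn):
    for a in alpha:
        state = step_fn(state, a)
    return state


def check_noninterference(step_fn, output_fn, s0, max_len, purge=ipurge):
    """Exhaustively check Rushby's definition for every trace up to max_len:
    output(run(s0, alpha), a) == output(run(s0, purge(alpha, dom(a))), a).
    Returns the first counterexample (trace, action, real, purged) or None."""
    for n in range(max_len + 1):
        for alpha in product(ACTIONS, repeat=n):
            alpha = list(alpha)
            for a in ACTIONS:
                real = output_fn(run(s0, alpha, step_fn), a)
                purged = output_fn(run(s0, purge(alpha, DOM[a]), step_fn), a)
                if real != purged:
                    return (alpha, a, real, purged)
    return None


if __name__ == "__main__":
    s0 = (0, 0)
    print("downgrader, intransitive purge:", check_noninterference(step, output, s0, 3))
    print("downgrader, transitive purge:  ", check_noninterference(step, output, s0, 3, tpurge))
    print("leaky system, intransitive:    ", check_noninterference(leaky_step, output, s0, 3))
```

The downgrader passes the intransitive check but fails the transitive one (the transitive purge deletes H's write, so the downgraded value "appears from nowhere"), which is exactly why intransitive policies need the finer notion; the leaky variant fails even the intransitive check, and the returned counterexample is the trace an analyst would want to see.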
We were fortunate to have three days of glorious sunshine, giving delegates
the opportunity to discuss their research over walks by the sea, across
mountains, and as with every previous year, over games of croquet.
Congratulations to this year's Croquet Tournament winner, Bill Roscoe, and
the runner-up Aris Zakinthinos. At the business meeting, held after the last
session, it was agreed to use Dromquinna Manor as the workshop venue for
1996. The workshop will run June 10--12, 1996. Simon Foley will remain as
General Chair and the Programme Chair will be Michael Merritt. For further
information about the workshop contact Simon Foley (at the address above),
or access the CSFW web page at: http://www.csl.sri.com/ieee-csfw/csfw.html.
Information about obtaining copies of this year's CSFW8 proceedings is also
available at this site.
________________________________________________________________________
Calls for Papers (new listings since last issue only)
________________________________________________________________________
(see also Calendar)
o Conferences
Listed earliest deadline first. See also Cipher Calendar and
NRL CHACS CFP list.
o ACM Workshop on Role-Based Access Control, 30 Nov. - 1 Dec. 1995,
Gaithersburg, MD. The workshop is planned to bring together users,
vendors and researchers who are interested in fostering and promoting
RBAC. The Workshop's objectives are to provide a forum for rapid
dissemination of new ideas and developments in RBAC, and to cultivate
convergence towards a standard framework for RBAC and related access
control issues. Users, vendors and researchers desiring to participate
should submit 2-3 page position papers describing their interest and
activities in RBAC to Ravi Sandhu (sandhu@isse.gmu.edu).
o Workshop on Information Hiding, 30 May - 1 June 1996,
Isaac Newton Institute, Cambridge, UK. Contributions sought on
research and practice in information hiding techniques, as used
in copyright marking of digital objects, covert channels in computer
systems, subliminal channels in cryptographic protocols, LPI
communications, and various kinds of anonymity services ranging from
steganography through location security to digital elections. Send
eight copies of papers up to 15 pages, suitable for blind refereeing,
to Ross Anderson (ross.anderson@cl.cam.ac.uk) by 31 December 1995.
Electronic submissions (preferably latex using llncs.sty) also accepted.
o Tenth Annual IFIP WG 11.3 Working Conference on Database Security,
22-24 July 1996, Como, Italy. Submit papers (up to 5000 words) and
panel proposals presenting original, unpublished research results,
practical experiences, and innovative ideas in database security to one
of the program co-chairs (Pierangela Samarati (samarati@dsi.unimi.it)
and Ravi Sandhu (sandhu@isse.gmu.edu)) by February 20, 1996. The call
for papers includes a summary of current issues of concern to the
Working Group.
Journals [Note: these publications are included in this issue for
completeness; they will always accept submissions of relevant
papers.--CEL]
o Journal of Computer Security (JCS) is an archival research
journal for significant advances in computer security. Subject
areas include architecture, operating systems, database systems,
networks, authentication, distributed systems, formal models,
verification, algorithms, mechanisms, and policies. Submissions:
send six copies to one of the editors in chief: Sushil Jajodia,
ISSE Dept., George Mason University, 440 University Drive, Fairfax,
VA 22030, or Jonathan Millen, The MITRE Corporation, 202 Burlington
Road, Bedford, MA 01730. Subscriptions: contact IOS Press,
Van Diemenstraat 94, 1013 CN Amsterdam, Netherlands,
fax: +31 20 22 6055, e-mail: Marie-Louise.Kok@ios.nl,
for information about individual or institutional subscriptions or
back issues.
o Computers & Security aims to satisfy the needs of managers and
experts involved in computer security by providing a blend of
research developments, innovations, and practical management advice.
Original submissions on all computer security topics are invited,
particularly those of practical benefit to the practitioner. Four
copies of papers from 5-10,000 words should be sent to the editor,
John Meyer, at Elsevier Advanced Technology, P.O. Box 150, Kidlington,
Oxford, OX5 1AS, United Kingdom. Telephones:
voice +44(0)1865 843848 / 843000; fax +44 (0) 1865 843971.
________________________________________________________________________
Reader's Guide to Current Technical Literature in Security and Privacy
Part 1: Conference Papers
________________________________________________________________________
Papers to be presented at the Third ACM Conference on Computer and
Communications Security, March 14-16, 1996, New Delhi, India, (preliminary
list, subject to minor changes).
-------------------------------------------------------------------------
o Unified Login with Pluggable Authentication Modules,
Vipin Samar (Sun Microsystems, USA)
o Secure External References in Multimedia Email Messages,
Burkhard Wiegel (German National Research Center for IT)
o Securing ATM Networks, Shaw-Cheng Chuang (University of Cambridge, UK)
o Diffie-Hellman Key Distribution Extended to Group Communication,
Gene Tsudik (IBM Zurich Research Laboratory, Switzerland)
o Key Management in the Omega System, Michael Reiter, Matthew Franklin,
John Lacy, and Rebecca Wright (AT&T Bell Laboratories, USA)
o Proxy Signatures for Delegating Signing Operation,
Masahiro Mambo, Keisuke Usuda, and Eiji Okamoto (JAIST, Japan)
o Batch Exponentiation for Fast DLP-Based Signature Generation,
David M'Raihi and David Naccache (GEMPLUS, France)
o Human-Computer Cryptography: An Attempt,
Tsutomu Matsumoto (Yokohama National University, Japan)
o Revokable and Versatile Electronic Money,
Markus Jakobsson (UCSD) and Moti Yung (IBM T.J. Watson Res. Center, USA)
o An Efficient Fair Payment System, Jan Camenisch, Jean-Marc Piveteau,
and Markus Stadler (ETH Zurich and Union Bank of Switzerland)
o Reasoning about Authentication and Revocation: Timeliness Constraints
of Obtaining Confidence, Stuart Stubblebine and Rebecca Wright (AT&T
Bell Laboratories, USA)
o An Approach to the Formal Verification Of Cryptographic Protocols,
Dominique Bolignano (Bull S.A./OSS, France)
o An Advanced Commit Protocol for MLS Distributed Database Systems,
Indrajit Ray, Elisa Bertino, Sushil Jajodia, Luigi Mancini (University
of Milan, Italy, and George Mason University, USA)
o Several Secure Store and Forward Devices,
David Goldschlag (Naval Research Laboratory, USA)
o An Experiment on DES Statistical Cryptanalysis,
Serge Vaudenay (ENS/DMI, France)
o Breaking and Repairing a Convertible Undeniable Signature Scheme,
Markus Michels (University of Technology Chemnitz-Zwickau, Germany)
o Cryptanalysis of Private-Key Encryption Schemes Based on
Burst-Error-Correcting Codes, Hung-Min Sun and Shiuh-Pyng Shieh
(National Chiao Tung University, Taiwan)
o Access Control and Signatures via Quorum Secret Sharing,
Moni Naor and Avishai Wool (The Weizmann Institute, Israel)
o A Non-timestamped Authorization Model for Relational Databases,
Elisa Bertino, Sushil Jajodia, and Pierangela Samarati (Univ. of Milan,
Italy, and George Mason University, USA)
---------------------------------------------------------------------------
Papers to be presented at IT Sicherheit '95, Communications and Multimedia
Security, IFIP TC-6 TC-11 and Austrian Computer Society Joint Working
Conference, 20-21 September, Graz, Austria
------------------------------------------------------------------------
o Invited Talk:
The Puzzling Science of Information Integrity, Gustavus J. Simmons
o Issues of Attack in Distributed Systems - An Attack Generic Model,
I. Kantzavelou, A. Patel (UCL Dublin)
o Covered Trust Values in Distributed Systems,
B. Borcherding, M. Borcherding (University of Karlsruhe)
o File Server Architecture For an Open Distributed Document System,
B. Christianson, P. Hu, B. Snook (University of Hertfordshire)
o A heuristic for securing Hypertext documents,
M.S. Olivier (Rand Afrikaans University, Johannesburg)
o Multimedia - Security - and Quality Issues
K. Keus, R. Thomys (BSI Bonn)
o The Graphical Interface for Secure Mail
F. Bracun, B. Jerman-Blazic, T. Klobucar, D. Trcek
(Jozef Stefan Institute, Slovenia)
o Security Subjects and their classification criteria in the Network
Security Reference Model, T. Chikaraishi, T. Shimomura, T. Ohta (ATR Kyoto)
o A strategic approach to a national security policy,
H. Zeger (Arge Daten, Wien)
o Managing information security in a client/server environment with
distributed, object-oriented role-based security, J.van der Merwe,
S.H. von Solms, M.S.Olivier (Rand Afrikaans University)
o Authorization in the Distributed Object Environment MOdel for
Fine-grained Access Control (MOFAC), J. von Solms, M.S. Olivier,
S. von Solms, (Rand Afrikaans University)
o Interworking Public Key Certification Infrastructure for Europe,
P. Lipp, V. Hassler (Technische Universität Graz)
o Invited Speaker: The Patient Card and its Position in a New Health
Care System, C.O.Koehler (German Cancer Research Center Heidelberg)
o Access Control for Federated Database Environments - A Taxonomy of Design
Choices, W. Eßmayr, F. Kastner, S. Preishuber (Research Institute
for Applied Knowledge Processing, Hagenberg), G. Pernul (Universität Wien),
A.M. Tjoa (Technische Universität Wien)
o Authorization in Multimedia Conferencing Systems, E. Fernandez,
P. Chien (Florida Atlantic University, Boca Raton)
o Authentication and Key Distribution in Computer Networks and Distributed
Systems, R. Oppliger (Universität Bern)
o Hidden Signature Schemes based on the discrete logarithm problem and
related concepts, P. Horster, M. Michels, H. Petersen (University of
Technology Chemnitz-Zwickau)
o Digital signature schemes based on Lucas functions, P. Horster, M. Michels,
H. Petersen (University of Technology Chemnitz-Zwickau)
o Powerpermutations on prime residue classes, H. Fischer,
C. Stingl (Universität Klagenfurt)
o Hill cipher application to multimedia security, N. Nikitakos
(Hellenic Navy)
o From Steganographia to Subliminal Communication, O. Horak
o On the fractal nature of the set of all binary sequences with almost
perfect linear complexity profile, H. Niederreiter, M. Vielhaber
(Austrian Academy of Sciences, Vienna)
----------------------------------------------------------------------------
Papers presented at the 1995 New Security Paradigms Workshop, held 22-25 August 1995
at the University of California at San Diego, La Jolla, California
----------------------------------------------------------------------------
o 'TSUPDOOD? Repackaged Problems for You and MMI,
Becky Bace and Marvin Schaefer
o Security for Infinite Networks,
Ruth Nelson and Hilary Hosmer
o Research Issues in Authorization Models for Hypertext Systems,
Elisa Bertino and Pierangela Samarati
o Unhelpfulness as a Security Policy,
Ruth Nelson
o QuARC Security,
John Yesberg and Mark Anderson
o Administration in a Multiple Policy/Domain Environment,
William Ford
o Virtual Enterprises and the Enterprise Security Architecture,
Tom Haigh
o Software Systems Risk Management and Assurance,
Sharon Fletcher et al.
o Applying the Dependability Paradigm to Computer Security,
Cathy Meadows
o Pretty Good Assurance,
Jeffrey Williams, Marv Schaefer, Douglas Landoll
o Review of Assurance Work in the UK,
John Dobson
o Credentials for Privacy and Interoperation,
V.E. Jones, N. Ching, M. Winslett
________________________________________________________________________
Reader's Guide to Current Technical Literature in Security and Privacy
Part 2: Journal and Newsletter Articles, Book Chapters
________________________________________________________________________
o SIGSAC Security Audit & Control Review Volume 13, Number 3 (July
1995) [special issue on the Issues '94 Workshop on Public Key Cryptography]:
- Harvey H. Rubinovitz. Issues 94 - public key - trials and tribulations.
pp. 2-4.
- Diane E. Coe and Frank J. Smith. Developing and deploying a
corporate-wide digital signature capability. pp.5-8.
- Warwick Ford. Advances in public-key certificates. pp.9-15.
o SIGSAC Security Audit & Control Review Volume 13, Number 2 (April 1995).
C. S. Guynes and R. G. Thorn. Network security in a client/server
environment. pp. 7-12.
o Computers & Security Volume 14, Number 3 (1995). (Elsevier) Refereed
Papers:
- Frank Deane, Kate Barrelle, Ron Henderson and Doug Mahar. Perceived
acceptability of biometric security systems. pp.225-232.
- Matt Bishop and Daniel Klein. Improving system security via proactive
password checking. pp. 233-250.
- H. Booysem and J. Eloff. Classification of objects for improved access
control. pp.251-266.
o Information Processing Letters, Vol. 55, No. 3 (August 1995). L. Gong.
Collisionful keyed hash functions with selectable collisions, pp. 167-170.
o Information Processing Letters, Vol. 55, No. 1 (July 1995). H-Y. Lin and L.
Harn. Fair reconstruction of a secret. pp. 45-47.
o IEEE Transactions on Computers, Vol. 44, No. 7 (July 1995). S-M. Yen and
C-S. Laih. Improved Digital Signature Suitable for Batch Verification.
pp. 957-959.
o MIT Technology Review, Vol. 98, No. 5 (July 1995). Dorothy Denning.
Resolving the encryption dilemma: The case for the clipper chip. pp. 48-55. ________________________________________________________________________
Reader's Guide to Current Technical Literature in Security and Privacy
Part 3: Books
________________________________________________________________________
o Schneier, B. Applied Cryptography, Second Edition. According to the
author, this is a major expansion of the popular first edition ("50%
more words"). Publication date is 15 November, but a 15% pre-publication
discount may be available; write schneier@winternet.com.
o Icove, D., K. A. Seger, W. R. VonStorch, and E. H. Spafford.
Computer Crime: A Crimefighter's Handbook. O'Reilly & Associates, $24.95.
________________________________________________________________________
Calendar
________________________________________________________________________
Internet Conference Calendar, URL: http://www.automatrix.com/conferences/
is also worth a look.
Dates Event, Location Point of Contact/ more information
----- --------------- ----------------------------------
====================================================================
See Calls for Papers section for details on many of these listings.
====================================================================
9/17/95- 9/20/95: HPTS 95, Asilomar, CA; neowens@vnet.ibm.com
9/20/95- 9/21/95: IT-Sicherheit '95, Graz; rposch@iaik.tu-graz.ac.at
9/20/95- 9/23/95: IC3N '95, Las Vegas; kia@unlv.edu
9/21/95- 9/22/95: ICI '95, Washington DC; denning@cs.georgetown.edu
9/27/95- 9/29/95: DCCA-5, Champaign, IL; no e-mail address available
10/ 2/95: JBCS spec issue on DBMS papers due; laender@dcc.ufmg.br
10/10/95-10/13/95: NISS-18, Baltimore, MD;
NISS_Conference@Dockmaster.ncsc.mil
10/23/95: RBAC '95, Maryland, submissions due; sandhu@isse.gmu.edu
10/23/95: SIGMOD/PODS '96, Montreal, submissions due; SIGMOD:
sigmod96@research.att.com; PODS: hull@cs.colorado.edu
11/ 1/95: IS iss. on disaster recov.; papers due; agrawal@cs.ucsb.edu
11/ 6/95: IEEE S&P '96 submissions due; mchugh@cs.pdx.edu
11/ 6/95-11/10/95: ICECCS '95, Fort Lauderdale; alex@vulcan.njit.edu
11/14/95-11/15/95: ACM MCN '95 Berkeley, CA;
mcn95-submission@cs.columbia.edu
11/15/95: ICSSDBM '96, Stockholm, submissions due; pers@sto.foa.se
11/15/95-11/17/95: CISMOD '95 Bombay; bhalla@u-aizu.ac.jp
11/29/95-12/ 2/95: CIKM '95, Baltimore; nicholas@cs.umbc.edu
11/30/95-12/ 1/95: RBAC'95,NIST,Gaithersburg,MD; sandhu@isse.gmu.edu
11/30/95: ACM Computer Security Day; computer_security_day@acm.org
12/ 4/95-12/ 7/95: DOOD '95, Singapore; mendel@db.toronto.edu
12/11/95-12/15/95: ACSAC '95, New Orleans; smith@arca.va.com
12/13/95-12/15/95: OOER '95, G.C., Australia; mikep@icis.qut.edu.au
12/18/95-12/20/95: 5th IMACCC, Cirencester, UK; colin.boyd@man.ac.uk
12/27/95-12/30/95: 7th COMAD, Pune, India; anand@pspl.ernet.in
or krishnam@hplabs.hp.com
12/31/95: IH Workshop'96, submissions due;ross.anderson@cl.cam.ac.uk
1/11/96: FMSP '96 San Diego, CA, sriram.sankar@sun.com
1/29/96: ACISP '96, Wollongong, NSW, Australia; submissions due,
josef@cs.uow.edu.au
2/20/96: IFIP WG 11.3, Como, Italy, submissions due,
samarati@dsi.unimi.it or sandhu@isse.gmu.edu
2/22/96- 2/23/96: SNDSS '96,San Diego; http://nii.isi.edu/info/sndss
2/23/96: VLDB '96 submissions due; nls@cse.iitb.ernet.in
2/26/96- 3/ 1/96: ICDE '96, New Orleans; icde96@cis.ufl.edu
3/14/96- 3/16/96: CCS-3, New Delhi; gong@csl.sri.com or
Jacques.Stern@ens.fr
3/15/96: ESORICS'96, Rome, submissions due;
bertino@hermes.mc.dsi.unimi.it
3/27/96- 3/30/96: CFP '96, Cambridge, MA; cfp96@mit.edu
4/30/96- 5/ 3/96: 8th CCSS, Ottawa; no e-mail address available
5/30/96- 6/ 1/96: IH Workshop '96, Cambridge, UK;
ross.anderson@cl.cam.ac.uk
5/ 5/96- 5/ 8/96: IEEE S&P 96; dmj@mitre.org
5/21/96- 5/24/96: IFIP/SEC 96 - Greece; no e-mail address available
6/ 3/96- 6/ 6/96: SIGMOD/PODS '96, Montreal, Canada
6/18/96- 6/20/96: ICSSDBM '96, Stockholm; pers@sto.foa.se
6/24/96- 6/26/96: ACISP '96,Wollongong,Australia;josef@cs.uow.edu.au
7/22/96- 7/24/96: IFIP WG 11.3, Como,Italy, samarati@dsi.unimi.it or
sandhu@isse.gmu.edu
9/ 3/96- 9/ 6/96: VLDB '96, Bombay, India; nls@cse.iitb.ernet.in
9/25/96- 9/27/96: ESORICS'96, Rome; bertino@hermes.mc.dsi.unimi.it
5/ 4/97- 5/ 7/97: IEEE S&P 97, Oakland; no e-mail address available
5/13/97- 5/16/97: 9th CCSS, Ottawa; no e-mail address available
5/ 3/98- 5/ 6/98: IEEE S&P 98, Oakland; no e-mail address available
5/12/98- 5/15/98: 10th CCSS, Ottawa; no e-mail address available
5/ 2/99- 5/ 5/99: IEEE S&P 99, Oakland; no e-mail address available
5/11/99- 5/14/99: 11th CCSS, Ottawa; no e-mail address available
4/30/00- 5/ 3/00: IEEE S&P 00, Oakland; no e-mail address available
5/16/00- 5/19/00: 12th CCSS, Ottawa; no e-mail address available
Key:
====
ACISP = Australasian Conference on Information Security and Privacy
ACSAC = Annual Computer Security Applications Conference
CCS-3 = 3rd ACM Conference on Computer and Communications
Security
CCSS = Annual Canadian Computer Security Symposium
CIKM = Int. Conf. on Information and Knowledge Management
COMAD = Seventh Int'l Conference on Management of Data (India)
CISMOD = International Conf. on Information Systems and Management
of Data
CFP = Conference on Computers, Freedom, and Privacy
CPAC = Cryptography - Policy and Algorithms Conference
CSFW = Computer Security Foundations Workshop
DCCA = Dependable Computing for Critical Applications
DOOD = Conference on Deductive and Object-Oriented Databases
ESORICS = European Symposium on Research in Computer Security
FISSEA = Federal Information Systems Security Educators' Association
FMSP = Formal Methods in Software Practice
HPTS = Workshop on High Performance Transaction Systems
IC3N = Int. Conference on Computer Communications and Networks
ICDE = Int. Conf. on Data Engineering
ICI = International Cryptography Institute
ICECCS = Int. Conf. on Engineering of Complex Computer Systems
ICSSDBM = Int. Conf. on Sci. and Statistical Database Management
IEEE S&P = IEEE Symposium on Security and Privacy
IFIP/SEC = Int. Conference on Information Security (IFIP TC11)
IFIP WG11.3 = IFIP WG11.3 10th Working Conf. on Database Security
IH Workshop '96 = Workshop on Information Hiding
IMACCC = IMA Conference on Cryptography and Coding
INET = Internet Society Annual Conference
IS = Information Systems (journal)
ISOC-Symp = Internet Society Symposium on Network and Distributed
System Security
IT-Sicherheit '95 = Communications and Multimedia Security: Joint
Working conference of IFIP TC-6 and TC-11 and Austrian Computer Soc.
JBCS = Journal of the Brazilian Computer Society
JCMS = Journal of Computer Mediated Communication
MCN '95 = ACM Int. Conf. on Mobile Computing and Networking
MDS '95 = Second Conference on the Mathematics of Dependable Systems
MMDMS = First Int. Wkshop on Multi-Media Database Management Systems
NCSC = National Computer Security Conference
NISS = National Information Systems Security Conference
NSPW = New Security Paradigms Workshop
OOER = Fourteenth Int. Conf. on Object-Oriented and
Entity Relationship Modelling
RBAC'95 = First ACM Workshop on Role-Based Access Control
SAC '95 = 2nd Annual Workshop on Selected Areas of Cryptography
SFTC-VI = Symposium on Fault Tolerant Computing - VI (Brazil)
SIGMOD/PODS = ACM SIGMOD International Conference on Management of Data
/ ACM SIGACT SIGMOD-SIGART Symposium on Principles of Database Systems
SNDSS = Symp. on Network and Distributed Sys. Sec. (Internet Society)
USENIX Sec Symp = USENIX UNIX Security Symposium
VLDB = Int'l Conf. on Very Large Databases
WDAG-9 = Ninth Int. Workshop on Distributed Algorithms
________________________________________________________________________
Who's Where: recent address changes
________________________________________________________________________
Posted 11 August 1995:
Gary S. Lynch
Research Director, Information Security Services
Gartner Group
56 Top Gallant Road - P.O. Box 10212
Stamford, CT 06904-2212
(203) 316-1111 (voice)
(203) 316-1100 (fax)
gslynch@interserv.com or glynch@gartner.com
Posted 8 August 1995:
Dr. D. Elliott Bell
Principal Engineer
The MITRE Corporation
7525 Colshire Drive
McLean, VA 22102
(703) 883-6275
dbell@mitre.org
Bell@dockmaster.ncsc.mil
Prof. E. Stewart Lee
University of Cambridge
Computer Laboratory
New Museums Site
Pembroke Street
Cambridge CB2 3QG
United Kingdom
Stewart.Lee@cl.cam.ac.uk
Updated 8 August 1995:
Dixie Baker
Science Applications International Corporation
10770 Wateridge Circle, M/S 121
San Diego, CA 92121
email: dixie_baker@cpqm.saic.com
phone: (310) 613-3603
________________________________________________________________________
New Reports available via FTP and WWW
________________________________________________________________________
Gene Spafford announces the availability of two new theses:
Taimur Aslam's MS thesis: A taxonomy of security faults in the Unix
operating system:
ftp://coast.cs.purdue.edu/pub/COAST/papers/aslam-taxonomy-msthesis.ps.Z
Sandeep Kumar's Ph.D. dissertation: Classification and detection of
computer intrusions:
ftp://coast.cs.purdue.edu/pub/COAST/papers/kumar-intdet-phddiss.ps.Z
Also, Gene has reorganized the COAST archive and encourages Cipher
readers to revisit it and comment. URL: http://www.cs.purdue.edu/coast
IPSEC RFC's 1825 - 1829 can be found at:
http://ds.internic.net/ds/rfc-index.html.
IITF report on Intellectual Property and the National Information
Infrastructure: http://www.uspto.gov/web/ipnii/
INET 95 papers on security (and other topics; full papers available
at http://www.isoc.org/HMP/proc1.html):
A Distributed Authorization Model for WWW by Jose Kahan Oblatt
http://www.isoc.org/HMP/PAPER/107/abst.html
Using Public Key Technology -- Issues of Binding and Protection
by James Glavin and Sandra Murphy, TIS
http://www.isoc.org/HMP/PAPER/147/abst.html
Simple Key-Management for Internet Protocol (SKIP) by Ashar Aziz,
Martin Patterson, and Geoff Baehr
http://www.isoc.org/HMP/PAPER/244/abst.html
Secure TCP -- Providing Security Functions in TCP Layer
by Toshiyuki Tsutsumi, and Suguru Yamaguchi
http://www.isoc.org/HMP/PAPER/144/abst.html
Measured Interference of Security Mechanisms with Network Performance
by K. Claffy, Hans-Werner Braun, Andrew Gross
http://www.isoc.org/HMP/PAPER/215/abst.html
Information on the Sept. NIS&T Key Escrow Export meeting
http://www.isse.gmu.edu/students/pfarrell/nistmeeting.html
"NIST/NSA/DoJ view of SKE" by Carl Ellison
http://www.clark.net/pub/cme/html/nist-ske.html
________________________________________________________________________
Interesting Links [new entries only]
________________________________________________________________________
Format:
Description (first lines) followed by URL (last line)
Government sources/information:
-------------------------------
No new ones this issue
Professional societies and organizations:
-----------------------------------------
No new ones this issue
Other places for interesting research papers, announcements, assistance
-----------------------------------------------------------------------
Pathfinder: Time-Warner Publications
http://www.pathfinder.com
Unix Security
http://www.alw.nih.gov/Security/security.html
________________________________________________________________________
Data Security Letter Subscription Offer
________________________________________________________________________
A special subscription rate of $25/year for the Data Security Letter
is now available to IEEE TC members. The DSL is an external, nonpartisan
newsletter published by Trusted Information Systems, Inc. Eleven issues
(usually 16 pages each) per year are published. The DSL welcomes reader
suggestions and contributions and accepts short research abstracts
(about 130 words) for publication on an ongoing basis. On occasion, the
DSL will be republishing Cipher articles (with authors' approval), but
such articles will constitute a small portion of DSL content (thus there
will be very little duplication of Cipher material).
IEEE TC members wishing to take advantage of the special subscription rate
should send the following to sharon@tis.com. The information can also be
faxed to 301-854-5363 (attention: DSL) or phoned to 301-854-5338.
NAME:
POSTAL ADDRESS:
(Please indicate company name, if a business address)
PHONE:
(Please indicate if home or business)
FAX:
E-MAIL:
IEEE Membership No. (if applicable):
NOTE: If you are already a paying subscriber to the DSL, for the $25 you
will receive a 2-year renewal; refunds, rebates, etc., on your current
subscription are not available.
If you have any questions about the offer or anything else pertaining
to the DSL, you may contact the editor, Sharon Osuna, via E-Mail to
sharon@tis.com or call her at 301-854-5338.
________________________________________________________________________
How to join the TC on Security and Privacy
________________________________________________________________________
You do NOT have to join either IEEE or the IEEE Computer Society to
join the TC, and there is no cost to join the TC. All you need to do
is fill out an application form and mail or fax it to the IEEE Computer
Society. A copy of the form is included below (to simplify things, I
have omitted the list of other TCs and just included the TC on Security
and Privacy, which I have marked). The full and complete form is
available on the IEEE Computer Society's Web Server at URL:
http://info.computer.org:80/tab/tcapplic.htm
PLEASE NOTE THAT THE FORM IS TO BE RETURNED (BY MAIL OR FAX) TO THE
IEEE COMPUTER SOCIETY, >>NOT<< TO CIPHER.
---------
IEEE Computer Society
Technical Committee Membership Application
-----------------------------------------------------------
Please print clearly or type.
-----------------------------------------------------------
Last Name First Name Middle Initial
___________________________________________________________
Company/Organization
___________________________________________________________
Office Street Address (Please use street addresses over P.O.)
___________________________________________________________
City State
___________________________________________________________
Country Postal Code
___________________________________________________________
Office Phone Fax
___________________________________________________________
Email Address (Internet accessible)
___________________________________________________________
Home Address (optional)
___________________________________________________________
Home Phone
___________________________________________________________
[ ] I am a member of the Computer Society
IMPORTANT: IEEE Member/Affiliate/Computer Society Number:
____________________
[ ] I am not a member of the Computer Society*
Please Note: In some TCs only current Computer Society members are
eligible to receive Technical Committee newsletters.
Please select up to four Technical Committees/Technical Councils of
interest.
TECHNICAL COMMITTEES
[ X ] T27 Security and Privacy
Please Return Form To:
IEEE Computer Society
1730 Massachusetts Ave, NW
Washington, DC 20036-1992
Phone: (202) 371-0101
FAX: (202) 728-9614
________________________________________________________________________
TC Publications for Sale
________________________________________________________________________
Despite the sweltering D.C. summer just ending, the Proceedings of the
1995 IEEE Symposium on Security and Privacy remain as fresh and green
as they were last spring. They continue to be available, along with
those old favorites in blue, orange, and pink, for purchase by TC
members at favorable rates. Current issues in stock and continuing
LOW PRICES are as follows:
                  Price by mail    IEEE CS Press        IEEE CS Press
Year              from TC          IEEE member price    List Price
                  (TC members)
----              -------------    -----------------    -------------
1992              $10              Only available from TC!
1993              $15              Only available from TC!
1994              $20              $30+$4 S&H           $60+$5 S&H
1995              $25              $25+$4 S&H           $50+$4 S&H
For overseas delivery:
-- by surface mail, please add $5 per order (3 volumes or fewer)
-- by air mail, please add $10 per volume
to the prices listed above.
If you would like to place an order, please send a letter specifying
o which issues you would like,
o where to send them, and
o a check in US dollars, payable to the 1995 IEEE Symposium on
Security and Privacy to:
Charles N. Payne
Treasurer, IEEE TC on Security and Privacy
Secure Computing Corp.
2675 Long Lake Rd.
Roseville, MN 55113
We remain unready to plunge our figurative toe into the inviting but
potentially treacherous waters of electronic commerce!
________________________________________________________________________
TC Officer Roster
________________________________________________________________________
Chair:
Deborah Cooper
P.O. Box 17753
Arlington, VA 22216
(703)908-9312 voice and fax
dmcooper@ix.netcom.com
Vice Chair:
Charles P. Pfleeger
Trusted Information Systems (UK) Ltd.
41 Surbiton Road
Kingston upon Thames KT1 2HG
ENGLAND
pfleeger@tis.com
Newsletter Editor:
Carl Landwehr
Code 5542
Naval Research Laboratory
Washington, DC 20375-5337
(202)767-3381
landwehr@itd.nrl.navy.mil
Chair, Subcommittee on Academic Affairs:
Prof. Karl Levitt
University of California, Davis
Division of Computer Science
Davis CA 95611
(916)752-0832
levitt@iris.ucdavis.edu
Standards Subcommittee Chair: Nominations invited
________________________________________________________________________
Information for Subscribers and Contributors
________________________________________________________________________
SUBSCRIPTIONS: Two options:
1. To receive the full ascii CIPHER issues as e-mail, send e-mail to
(which is NOT automated) with subject line "subscribe".
2. To receive a short e-mail note announcing when a new issue of CIPHER
is available for Web browsing or downloading from our ftp server
send e-mail to
(which is NOT automated) with subject line "subscribe postcard".
To remove yourself from the subscription list, send e-mail to
cipher-request@itd.nrl.navy.mil with subject line "unsubscribe".
Those with access to hypertext browsers may prefer to read Cipher that
way. It can be found at URL
http://www.itd.nrl.navy.mil/ITD/5540/ieee/cipher
CONTRIBUTIONS: to are invited. Cipher is a
NEWSletter, not a bulletin board or forum. It has a fixed set of
departments, defined by the Table of Contents. Please indicate in the
subject line for which department your contribution is intended. For
Calendar entries, please include an e-mail address for the
point-of-contact. ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS;
USUAL DISCLAIMERS APPLY. All reuses of Cipher material should respect
stated copyright notices, and should cite the sources explicitly; as a
courtesy, publications using Cipher material should obtain permission
from the contributors.
BACK ISSUES:
There is an archive that includes each copy distributed so far, in ascii,
in files you can download at URL
http://www.itd.nrl.navy.mil/ITD/5540/ieee/cipher/cipher-archive.html
There is also an anonymous FTP server that contains the same files.
To access the archive via anonymous FTP:
1. ftp www.itd.nrl.navy.mil
2. At prompt for ID, enter "anonymous"
3. At prompt for password, enter your actual, full e-mail address
4. Once you are logged in, change to the Cipher Directory:
cd pub/cipher
5. Now you can request any of the files containing Cipher issues in ascii.
Issues are named in the form: EI#N.9506 where N is the number of the
issue desired and 9506 captures the year and month it first appeared.
=======end of Electronic Cipher Issue #9, 18 September 1995================